1

Power Grid AC-based State Estimation: Vulnerability Analysis Against Cyber Attacks

Ming Jin1, Javad Lavaei2, and Karl Henrik Johansson3

Abstract—To ensure grid efficiency and reliability, power transmission and distribution infrastructures are collected and system operators continuously monitor the operational char- filtered in order to facilitate a key procedure known as power acteristics of the grid through a critical process called state system state estimation (SE), which is conducted on a regular estimation (SE), which performs the task by filtering and fusing various measurements collected from grid sensors. This study basis (e.g., every few minutes), as shown in Fig. 1 [4]–[6]. The analyzes the vulnerability of the key operation module, namely outcome presents system operators with essential information AC-based SE, against potential cyber attacks on data integrity, about the real-time operating status to improve situational also known as false data injection attack (FDIA). A general awareness, make economic decisions, and take contingency form of FDIA can be formulated as an optimization problem, actions in response to potential threat that could engander the whose objective is to find a stealthy and sparse data injection vector on the sensor measurements with the aim of making the grid reliability [7]. state estimate spurious and misleading. Due to the nonlinear In smart grid where information is sent via remote terminal AC measurement model and the cardinality constraint, the units (RTUs), maintaining the security of the communication problem includes both continuous and discrete nonlinearities. network is imperative to guard against system intrusion and To solve the FDIA problem efficiently, we propose a novel ensure operational integrity [5], [9], [10]. However, traditional convexification framework based on semidefinite programming (SDP). By analyzing a globally optimal SDP solution, we delineate approaches such as security software, firewalls, and “air gaps”, the “attackable region” for any given set of measurement types i.e., no connection between systems, are recognized as inade- and grid topology, where the spurious state can be falsified by quate in the face of growing likelihood of breaches and cyber FDIA. Furthermore, we prove that the attack is stealthy and threat, such as the 2016 cyber attack on Ukraine’s electricity sparse, and derive performance bounds. Simulation results on infrastructure [11], [12]. In a recent report from the National various IEEE test cases indicate the efficacy of the proposed convexification approach. From the grid protection point of view, Academies of Sciences, Engineering, and Medicine, titled the results of this study can be used to design a security metric “Enhancing the resilience of the nation’s electricity system”, for the current practice against cyber attacks, redesign the bad the committee concluded that the United States’ electric grid data detection scheme, and inform proposals of grid hardening. is vulnerable to a range of threats, among which terrorism and From a theoretical point of view, the proposed framework can cyber attacks are most severe and could potentially cause long- be used for other nonconvex problems in power systems and beyond. term and widespread blackouts [7]. A process called “envision- ing process” is recommended to improve the cyber security Index Terms—State estimation, nonconvex optimization, con- and resilience, which stresses the importance of “anticipating vexification, semidefinite programming, false data injection at- tack, cyber attack, power system, resilience, security myriad ways in which the system might be disrupted and the many social, economic, and other consequences of such disruptions”. I.INTRODUCTION The objective of this study is to analyze power grid vul- HE convergence of automation and information technol- nerability against cyber attack – more specifically, one critical T ogy has enhanced reliability, efficiency, and agility of the class of threat known as false data injection attack (FDIA), modern grid [1]–[3]. Managed by supervisory control and data which attempts to stealthily modify data to introduce error into acquisition (SCADA) systems, a wealth of sensor data from grid SE (Fig. 1) [12], [13]. To stage an FDIA, the attacker needs to compromise power measurements by hacking the 1Ming Jin is with the Department of Electrical Engineering and Com- communication with SCADA. Previous works [13]–[19] have puter Sciences, University of California, Berkeley, CA 94720, USA. Email: [email protected] demonstrated that a stealth FDIA is possible to evade bad data 2Javad Lavaei is with the Department of Industrial Engineering and detection (BDD) by the control center, and can cause potential Operations Research, University of California, Berkeley, CA 94720, USA. damages of load shedding [18], economic loss [12], [20], Email: [email protected] and even blackouts [21]. While these works have primarily 3Karl H. Johansson is with the School of Electrical Engineer- ing, KTH Royal Institute of Technology, Stockholm, Sweden. Email: studied a simplified power flow model, i.e., DC model [13]– [email protected] [19], [22], [23], an FDIA based on a more accurate AC model *This work was supported by DARPA YFA, ONR YIP Award, ARO is within the realm of possibility [4]. In a system where Award, AFOSR YIP Award, and NSF CAREER Award. Johansson was partially supported by the Knut and Alice Wallenberg Foundation, the Swedish measurements are nonlinear functions of the state parameters, Strategic Research Foundation, and the Swedish Research Council. Parts of it is usually not easy to construct a state that evades BDD. this work have appeared in the conference paper “Ming Jin, Javad Lavaei, and Indeed, DC-based FDIA can be easily detected by AC-based Karl Henrik Johansson, A semidefinite programming relaxation under false data injection attacks against power grid AC state estimation, IEEE Allerton BDD [9], [24]. On the other hand, the nonlinearity of equality Conference on Communication, Control, and Computing, 2017”. power-flow constraints also makes the co-existence of multiple 2

Adversary

Breaker/switch System Generators, status indications Network updates State DERs topology estimator Telemetry & Analog measurements communication Generator outputs BDD Automatic generation control Substations

Outputs: Security- power system constrained states optimal power flow (SC-OPF)

Security Contingency Contingency analysis analysis selection Overload & voltage

Fig. 1: Illustration of power system operation and its vulnerability to cyber attack (adapted from [8]). With unfettered access to the communication network and grid information system through cyber intrusion, an adversary would be able to stage an attack on the system without any physical sabotage, by simply injecting false data to the state estimator to impact the decision making for the system. states and spurious solutions possible, which is a fundamental [24]. The paper [25] introduced a graph-based algorithm to reason why an AC-based FDIA with sparse attacks is feasible identify a set of compromised sensors that suffices to construct and perhaps more detrimental than an DC-based FDIA. Once an unobservable attack; however, this only offers an upper constructed, this new class of attacks could be hard to detect by bound on the cardinality, rather than resource-constrained existing methods. Thus, it is vital to understand its mechanism sparsity. The work [24] studied AC-based FDIA based on and devise protection/detection methods to thwart such attacks. linearization around the target state under the assumption that SE is obtained by a specific algorithm, which could be too stringent in practice. A. Related Work Differentiated from prior literature, this study is the first of Potential adversarial FDIA strategies have been addressed its kind to solve a general FDIA for the AC-based SE, with in previous works on power system vulnerability analysis theoretical guarantees of sparsity and unobservability. [13], [15], [18], [24], [25]. The negative impacts and possible defense mechanisms have also been studied [14], [15], [18], B. Contributions [21]. From a practitioner’s point of view, there are mainly Motivated by the theoretical challenges of continuous non- two categories, based on either DC or AC models [12], [20]. convexity and discrete nonlinearity posed by AC-based FDIA, For DC-FDIA, an unobservability condition was derived and we propose a novel convexification framework using semidef- the attack was numerically shown to be sparse [13], [15], inite programming (SDP), and prove conditions on stealth [18]. Distributed DC-FDIA with partial knowledge about the attack and performance bounds. This broadens the perspectives topology was considered in [9], [19]. The vulnerability was on power system security and vulnerability analysis. By inves- quantified by the minimum number of sensors needed to tigating the least-effort strategy from the attacker’s perspective, compromise in order to stage stealth FDIA [14], [15], [17]. this study provides a realistic metric for the grid security based This can be formulated as a minimum cardinality problem, on the number of individual sensors required to thwart an where different algorithms have been proposed for efficient FDIA. The results also motivate protection mechanisms for computation [22], [23]. As for the attack impact, FDIA has AC-based SE, such as the redesign of BDD [26]. The main been studied on the electric market [16] and load redistribution contributions of this work are as follows: [18] to show significant financial losses. • Formulation of a novel convexification framework based Only a few works have been published on AC-based FDIA, on SDP to solve the AC-based FDIA problem for a near- due to the recognized complexity of nonlinear systems [5], globally optimal strategy; 3

• Analysis of the outcome of the SDP framework from the II.VULNERABILITYOF AC-BASED STATE ESTIMATION perspectives of the attackable region, attack stealthiness, A. Power system modeling and performance bounds; • Simulation study on an array of power systems to illus- We model the electric grid as a graph G := {N , L}, where trate that the planned attack is sparse and stealthy. N := [nb] and L := [nl] represent its set of buses and branches. Denote the admittance of each branch l ∈ L that We also note that the presented method has both practical and connects bus s and bus t as y . The mathematical framework theoretical implications on solving real-world nonlinear and st of this work applies to more detailed models with shunt nonconvex problems beyond AC-based FDIA. elements and transformers; but to streamline the presentation, these are not considered in the theoretical analysis of this C. Organization paper. The grid topology is encoded in the bus admittance matrix Y ∈ Cnb×nb , as well as the from and to branch The rest of the paper is organized as follows. We will nl×nb nl×nb admittance matrices Yf ∈ C and Yt ∈ C , first introduce the notations used throughout the paper in respectively (see [27], Ch. 3). the following section. Sec. II provides an overview of the The power system state is described by the bus voltage > vulnerability issue of AC-based SE. More specifically, we will   nb vector v = v1, ..., vnb ∈ C , where vk ∈ C is the complex introduce the power system modeling, AC-based SE methods, voltage at bus k ∈ N with magnitude |vk| and phase ∠vk. as well as a general framework of FDIA for AC-based SE. Given the complex nodal vector, the nodal current injection Since the presented framework is nonconvex, a convexification can be written as i = Yv, and the branch currents at the framework based on SDP is proposed in Sec. III. We will from and to ends of all branches are given by if = Yf v and analyze the (global) optimal solution of this SDP in terms of it = Ytv, respectively. Define {e1, ..., enb } and {d1, ..., dnl } the “attackable region” (Sec. III-B) and performance bounds n n as the sets of canonical vectors in R b and R l , respectively. (Sec. III-C). Experimental results on several IEEE bus systems We can derive various types of power and voltage measure- are discussed in Sec. IV. Conclusions are drawn in Sec. V. ments as follows: • Voltage magnitude. The voltage magnitude at bus k is 2 ∗ > D. Notations given by |vk| = trace (Ekvv ), where Ek := ekek . • Nodal power injection. The power injection at bus node Set notations. We use and as the sets of real and R C k consists of real and reactive powers, pk + iqk, where: complex numbers, and Sn and Hn to represent the spaces of ∗ 1 ∗ ∗
n × n real symmetric matrices and n × n complex Hermitian pk = < (ikvk) = trace 2 (Y Ek + EkY) vv matrices, respectively. A set of indices {1, 2, ..., k} is denoted ∗ 1 ∗ ∗
qk = = (ikvk) = trace 2i (Y Ek − EkY) vv . by [k]. The set cardinality Card(·) is the number of elements in a set. The support of a vector x, denoted as supp (x), is the • Branch power flows. Given a line l ∈ L from node set of indices of the nonzero entries of x. For a set S ⊂ Rn, s to node t, the real and reactive power flows in both we use Sc = Rnm \S to denote its complement. The notation directions are given by: int Γ is used to represent the interior of the set Γ. p(l) = < ([i ]∗v ) = trace 1 Y∗d e> + e d>Y
vv∗
Matrix notations. Vectors are shown by bold letters, and f f l s 2 f l s s l f (l) ∗ 1 ∗ > >
∗
matrices are shown by bold and capital letters. The symbols pt = < ([if ]l vt) = trace 2 Yf dlet + etdl Yf vv 0 , 1 , 0 , I denote the n × 1 zero vector, n × 1 (l) n n m×n n×n q = = ([i ]∗v ) = trace 1 Y∗d e> − e d>Y
vv∗
one vector, m × n zero matrix, and n × n identity matrix, f f l s 2i f l s s l f (l) ∗ 1 ∗ > >
∗
respectively. Let [x]i denote the i-th element of the vector x. qt = = ([if ]l vt) = trace 2i Yf dlet − etdl Yf vv . For an m×n matrix W, let W[X , Y] denote the submatrix of W whose rows are chosen from X ∈ [m] and whose columns Thus, each common measurement in power systems that are chosen from Y ∈ [n]. The notation W  0 indicates that belongs to one of the above measurement types can be written W is Hermitian and positive semidefinite (PSD), and W 0 as: ∗ indicates that W is Hermitian and positive definite. fi(v) = trace (Mivv ), (1) Operator notations. The symbols (·)> and (·)∗ represent where M ∈ nb is the Hermitian measurement matrix for <(·) i H the transpose and conjugate transpose operators. We use , the i-th noiseless measurement (it is straightforward to include =(·) (·) det(·) , trace , and to denote the real part, imaginary linear PMU measurements in our analysis as well). part, trace, and determinant of a scalar/matrix. The dot product > n is represented by x1 · x2 = x1 x2, for x1, x2 ∈ R . The imaginary unit is denoted as i. The notations ∠x and B. AC-based state estimation |x| indicate the angle and magnitude of a complex scalar; The SE problem aims at finding the unknown operating moreover, ∠x and |x| are defined based on the angles and point of a power network, namely v, based on a given set of magnitudes of all entries of the vector x. For a convex function measurements. During the operation, a set of measurements g(x), we use ∂g(x) to denote its subgradient. The notations nm m ∈ R are acquired: kxk0, kxk1, kxk2 and kxk∞ show the cardinality, 1-norm, 2-form and ∞-norm of x. m = f(v) + e + b, (2) 4 where f : Cnb 7→ Rnm is the measurement function whose levels to detect large residuals, whose corresponding data are scalar elements are designated in (1), e ∈ Rnm denotes discarded and a new iteration of SE starts. This procedure is random noise, and b ∈ Rnm is the bad data error that accounts able to sift out randomly occurring bad data; however, it can for sensor failure or adversarial injection. In the case of no bad be ineffective to guard against systematically fabricated bad data error, the common strategy for solving SE is to form the data, a type of cyber attack known as FDIA. nonlinear weighted least squares problem:

nm C. FDIA framework X 2 min wi(mi − fi(vˆ)) , (3) vˆ∈V FDIA is a cyber attack on the data analytic process, where i=1 a malicious agent intentionally injects false data b ∈ Rnm where V is the region of potential operating points, wi is the into the nm grid sensors to make system operators believe in inverse variance of sensor i, and fi(vˆ) is given in (1). an operating state, namely v˜, other than the true state v [9], In the case that the sensor measurements are not corrupted [12]. As an illustrative example (Fig. 2), the operator would by bad data and noise, i.e., b = e = 0, we describe a be “tricked” if the attacker manages to tamper with certain condition under which a state is “observable” based on the power flow measurements to generate a fake state estimate of measurement types (matrices) M = {M1, ..., Mnm } [28]. the system. First, we introduce some notations. Let O denote the set of FDIA differs from randomly occurring bad data in its stealth n all buses except the slack bus. The complex vector v ∈ C b operation to evade BDD. Existing works have investigated can be represented by its real-valued counterpart: stealth conditions for FDIA on DC-based SE [13], [15]. The  >
>
> 2n −1 following definition of “stealth” is provided to include cases v = < v[N ] = v[O] ∈ R b . of both DC- and AC-based models. Accordingly, any n × n Hermitian matrix M can be charac- Definition 2 (Stealth). An attack b is stealthy under state v terized by a (2n − 1) × (2n − 1) real skew-symmetric matrix: if, in the absence of the measurement noise e, there exists a < (M[N , N ]) −= (M[N , O]) M = ∈ (2n−1)×(2n−1). nonzero vector c such that f(v) + b = f(v + c). = (M[O, N ]) < (M[O, O]) R The following lemma provides a sufficient condition for AC- Based on (1) and the above notations, the vector-valued func- based attacks to remain stealthy. tion f(v) maps the state to a set of noiseless measurements: Lemma 1 (Sufficient condition for stealth attack). An attack b  ∗   >  v M1v v M1v is stealthy if there exists a nonzero vector c such that Mic = 0  .   .  nm for every i ∈ [nm] that is not in the support of b. f(v) =  .  =  .  ∈ R , (4) ∗ > Proof. Since f (v) = trace (M vv∗), we have v Mnm v v Mnm v i i ∗ whose Jacobian matrix is given by: fi(v + c) = trace (Mi(v + c)(v + c) ) = fi(v),   J(v) = 2 M1v ··· Mnm v . (5) for every i ∈ [nm] that is not in the support of b. Motivated by the inverse function theorem, which states that Lemma 1 implies that an attack is unobservable if the state the inverse of the function f(v) exists locally if J(v) has full deviation c lies in the null space of the measurement matrices row rank, an “observability” definition is introduced below. of those sensors the attacker does not tamper with. This is applicable to the situation discussed in [25] for a single bus Definition 1 (Observability). A state v ∈ nb is observable C attack. To better understand this, consider a vector c that has from a set of measurement types M if the Jacobian J(v) has zeros everywhere except at location j. Since the j-th column full row rank. For a given set of measurement types M, the of M , denoted as [M ] , is zero unless M corresponds to the observable set V(M) is the set of all observable states. i i :j i measurement of a branch that connects to bus j, this delineates In practice, the SE problem (3) can be solved efficiently a “superset” of sensors needed to hack to guarantee a stealth using first-order methods such as the Gauss-Newton algorithm attack. or a recent method based on SDP relaxation [6], [28]. Fur- An upper bound on the minimum number of compromised thermore, as implied by the observability property and the sensors can be derived for a multi-bus attack; however, the Kantorovich theorem, if the state v is observable, then we can sufficient condition could be too stringent because the attacker ∗ ∗ find it using the Gauss-Newton method by starting from any only needs to satisfy bi = trace (Micc ) + trace (Micv ) + ∗ initial point sufficiently close to v. trace (Mivc ) = 0 for all i 6∈ supp (b) to remain stealthy. As captured by the bad data vector b, the sensor mea- For instance, consider the system in Fig. 2. Since the bus surements might be corrupted by aberrant data. The common states are all under attack, the upper bound on the minimum practice is to employ a BDD based on statistical hypothesis number of sensors to infiltrate is 40, or all the measurements, testing [5]. Under the null hypothesis that no bad injection according to [25] and Lemma 1. But due to the “clever” 2 exists, namely bi = 0, the residual (mi − fi(vˆ)) should design, FDIA is conducted successfully by tampering with follow the chi-squared distribution, where vˆ is the estimated only 18 sensors, which is a sparser subset of the upper bound. state and the random error ei is assumed to be normally It is also worthwhile to note that one can think of a strategy distributed. A threshold value is set based on confidence that offsets the phases of bus voltages at bus 2, 3, 5 and 6 by 5

2 a constant. This will keep the real power flows the same as • State deviation attack: h(v˜) = −kv˜ − vk2, which yields before and only change the reactive flows. However, even with the estimated state v˜ to be maximally different from the this ad hoc strategy, the number of sensors to tamper with is true state v. 19. This indicates the efficiency of the demonstrated strategy. An FDIA attack can be formed by solving (NC-FDIA) with However, to find such an attack vector, a general strategy one of the above objectives; however, the problem is challeng- can be formulated as an optimization problem to maximize ing due to: 1) a possibly nonconvex objective function, e.g., sabotage with limited resources and to evade detection: concave for the state deviation attack, 2) nonlinear equalities, min h(v˜) and 3) cardinality constraints. The next section develops an n n v˜∈C b ,b∈R m efficient strategy to deal with these issues. s. t. f(v˜) = m + b (NC-FDIA)

kbk0 ≤ c III.SDP CONVEXIFICATION OF THE FDIA PROBLEM where f(·) is the AC-model measurement function (1), v˜ is the spurious state, h(·) is an optimization criterion to be Since the original attack problem (NC-FDIA) is nonconvex specified later, and c is a constant number. The constraints and difficult to tackle, we propose a convexification method amount to the unobservability condition (Definition 2) and the based on SDP, which can be solved efficiently. Based on sparsity requirement. The following assumption is made on this framework, an “attackable region” of system states is the adversary attack capability: characterized, where a strategy is guaranteed to exist and can be found efficiently. To streamline the presentation, we Assumption 1. The attacker can form a strategy after access- focus the analysis on the case of “target state attack”, where ing the grid topology and the measurement vector m. 2 h(v˜) = kv˜ −vtgk2 with vtg chosen by the adversary a priori. The above assumption depicts a powerful adversary and a The results hold for many other objective functions as well. completely adversarial scenario. Using the full set of measure- ments, the attacker can perform SE to estimate the true state v, and tailor the attack to be stealthy. However, if this assumption A. SDP convexification is violated, the attacker risks being detected by the BDD [9]. n The analysis provided in this paper is based on Assumption 1 By introducing an auxiliary variable W ∈ H b and the ¯ ∗ ∗ because it helps understand the behavior of the system under associated function h(v˜, W) = trace (W) − v˜ vtg − vtgv˜, the worst attack possible (using the full knowledge of the (NC-FDIA) can be reformulated as: system) and simplifies the mathematical treatment. min h¯(v˜, W) Several objectives are possible for the attacker to fulfill v˜∈ nb ,b∈ nm , C nR various malicious goals, such as: W∈H b 2 s. t. trace (MiW) = mi + bi, ∀i ∈ [nm] • Target state attack: h(v˜) = kv˜ − vtgk2, which intention- ally misguides the operator towards vtg; kbk0 ≤ c 2 ∗ • Voltage collapse attack: h(v˜) = kv˜k2, which deceives W = v˜v˜ the operator to believe in low voltages; (NC-FDIA-r)

True system state Spurious system state (1,0°) (0.95,2°) (0.96,5°) (1,0°) (0.86,1.3°) (0.87,5°) 1 2 3 1 2 3

6 5 4 6 5 4

(0.95,4°) (0.98,10°) (1.02,25°) (0.87,3.8°) (0.90,11°) (1.02,25°) ~ ~

Original sensor measurements Spurious sensor measurements

P1 v1 P2 Q2 P3 Q3 P4 v4 P5 Q5 P6 Q6 P1 v1 P2 Q2 P3 Q3 P4 v4 P5 Q5 P6 Q6 .087 1 -.504 -.110 -.067 .048 1.668 1.02 -.134 .588 -.570 .180 .580 1 -.914 -.365 -.067 .048 1.870 1.02 -.319 .053 -.570 .180

p12 p21 p23 p32 p45 p54 p56 p65 p26 p62 p35 p53 p36 p63 p12 p21 p23 p32 p45 p54 p56 p65 p26 p62 p35 p53 p36 p63 .087 -.069 -.280 .293 1.668 -1.319 .659 -.604 -.155 .160 -.488 .526 .128 -.126 .580 -.485 -.280 .293 1.870 -1.522 .659 -.604 -.155 .160 -.488 .526 .128 -.126

q12 q21 q23 q32 q45 q54 q56 q65 q26 q62 q35 q53 q36 q63 q12 q21 q23 q32 q45 q54 q56 q65 q26 q62 q35 q53 q36 q63 .394 -.423 .175 -.207 -.945 1.244 -.338 .347 .138 -.177 .309 -.318 -.054 .010 .757 -.705 .189 -.207 -.372 .674 -.319 .347 .151 -.177 .309 -.302 -.054 .010

Fig. 2: An example of a 6-bus system, where the nodal voltage magnitudes and power injections as well as branch power flows are measured (p.u.). The attacker injects false data (red) to influence the bus state estimates (shown on the right side of each bus). The per unit bases for power and voltage are 100MW and 240KV, respectively. The line admittance values are identical to 1 + 1i. The FDIA injection is solved by SDP-FDIA, with parameters shown in Table I. Note that pij and qij show the active and reactive power flows over the line (i, j). 6

A cardinality-included SDP relaxation of the above nonconvex results. Instead, a more general penalty term in the form of ∗ problem can be obtained by replacing W = v˜v˜ with a trace (M0W) will be used in this paper: general PSD constraint: ¯ min h(v˜, W) + trace (M0W) v˜∈ nb ,b∈ nm , C nR min h¯(v˜, W) W∈H b v˜∈ nb ,b∈ nm , C nR s. t. trace (MiW) = mi + bi, ∀i ∈ [nm] W∈H b kbk0 ≤ c s. t. trace (MiW) = mi + bi, ∀i ∈ [nm] 1 v˜∗  kbk0 ≤ c  0, v˜ W 1 v˜∗   0 (NC-FDIA-p) v˜ W where M is to be designed. Similar to Lasso [30], we can (NC-FDIA-c) 0 replace the cardinality constraint in the above problem with To study the relationship between the nonconvex prob- an l -norm penalty added to the objective function to induce lem (NC-FDIA-r) and its cardinality-included relaxation 1 sparsity, which leads to the convex program: (NC-FDIA-c), we define an augmented matrix: ¯ min h(v˜, W) + trace (M0W) + αkbk1 v˜∈ nb ,b∈ nm ,  ∗  C nR ˆ 1 vˆ W∈H b Z = ˆ , (6) vˆ W s. t. trace (MiW) = mi + bi, ∀i ∈ [nm] 1 v˜∗   0 where (vˆ, Wˆ ) is a solution of (NC-FDIA-c). It is straightfor- v˜ W ward to verify that if rank(Zˆ ) is equal to 1, then we must have (SDP-FDIA) Wˆ = vˆvˆ∗. Thus, (vˆ, Wˆ ) is feasible for (NC-FDIA-r) and con- where α is a constant regularization parameter. After this sequently optimal since the objective value of (NC-FDIA-c) convexification, (SDP-FDIA) is thus an SDP (after reformu- is a lower bound for (NC-FDIA-r). In fact, by exploring lating the l1-norm term in a linear way), which can be solved the special features of the problem, we can derive a milder efficiently using standard numerical solvers (e.g., SeDuMi and condition to guarantee the equivalence. This will be elaborated SDPT3) [31]. On the other hand, we recognize that by includ- next. ing penalty terms for rank and sparsity, we inevitably introduce bias to the optimization problem. Thus, the result obtained Assumption 2a. Given a solution (vˆ, Wˆ , bˆ) of (NC-FDIA-c), by (SDP-FDIA) should be described as “near-optimal”, in vˆ and v point along the same “general direction” in the tg comparison to a global minimum of NC-FDIA. This is an sense that: artifact that arises from the computational complexity of the ∗ ∗ vˆ vtg + vtgvˆ > 0. (7) problem, and can be only remedied by a careful selection of the penalty coefficients. Assumption 2b. Given a solution (vˆ, Wˆ , bˆ) of (SDP-FDIA), Note that the objective function of (NC-FDIA-c) helps with vˆ and vtg have the same general direction in the sense of (7). the satisfaction of Assumption 2a, since the objective aims at making vˆ and vtg be as close as possible to each other. Lemma 2 (Stealth attack). Let (vˆ, Wˆ , bˆ) be a solution of ˆ Theorem 1. The relaxation (NC-FDIA-c) recovers a solution (SDP-FDIA) satisfying Assumption 2b. The attack b is stealthy ˆ of the nonconvex problem (NC-FDIA) and finds an optimal if rank(W) = 1. attack if it has a solution (vˆ, Wˆ , bˆ) satisfying Assumption 2a Proof. See Appendix A. such that rank(Wˆ ) = 1. B. Attackable region Proof. See Appendix A. In this section, we first introduce and characterize the set of ˆ ˆ voltages that the attacker can achieve by solving (SDP-FDIA) Theorem 1 ensures that if rank(W) = 1, then rank(Z) = 1 for the malicious data injection. Then, we analyze the sabotage (even though it could theoretically be 2), in which case scale under the studied FDIA. Throughout this section, let (NC-FDIA-c) is able to find an optimal attack. Nevertheless, (vˆ, Wˆ , bˆ) denote an optimal solution of (SDP-FDIA). Given the optimal solution of (NC-FDIA-c) is not guaranteed to be any stealth attack b, we define an optimization problem based rank-1, and in addition the cardinality constraint kbk0 ≤ c in on (SDP-FDIA) to minimize over (v, W) with a fixed b, and this optimization problem is intractable. We introduce a series denote its optimal objective value as g(b): of techniques to deal with each issue. ¯ g(b) = min h(v˜, W) + trace (M0W) To enforce (NC-FDIA-c) to possess a rank-1 solution, v˜∈ nb , C n we aim at penalizing the rank of its solution via a convex W∈H b term. The literature of compressed sensing suggests using the s. t. trace (MiW) = mi + bi, ∀i ∈ [nm] nuclear norm penalty trace (W) [29]. However, this penalty 1 v˜∗   0 is not appropriate for power systems, since it penalizes the v˜ W voltage magnitude at each bus and may yield impractical (FDIA-SE) 7

In the following, we will use g(b) as a proxy for the sabotage the nodal bus injections. Then, we have V(M) ∩ R(Y) ⊆ scale.1 Now, we define an “attackable” state below. A(M, ρ) for some ρ > 0.

Definition 3 (Attackable state). A state vat is attackable if Proof. See Appendix D. ∗ (vat, W = vatvat) is the unique and optimal solution of (FDIA-SE) for some stealth attack vector b ∈ m. The attackable region is an important concept that char- R acterizes the outcome of solving (SDP-FDIA), meaning that Definition 4 (Attackable region). The attackable region if a state is in the attackable region, then it is a candidate A(M, ρ) for a given set of measurement types M is the set of attack strategy as well as the unique solution of (FDIA-SE) states vat that is attackable for some M0 with bounded norm for some stealth attack. However, this does not imply that no kM0k2 ≤ ρ. stealth attack exists for a state v˜ that is not in the attackable region; in fact, we can always construct a stealth data injection In other words, for any state v ∈ A(M, ρ) in the at b = f(v˜) − v, where v is the true state. For example, if the attackable region, there exists a stealth attack b such that measurement set M is so small that a part of the grid remains (v , W = v v∗ , b) is a feasible solution of (SDP-FDIA) at at at unobservable (see Definition 1), then (FDIA-SE) does not have and that (v , W = v v∗ ) is optimal if we fix the attack b. at at at a unique solution for any stealth attack b. In that case, the The size of A(M, ρ) also depends on ρ; more specifically, we attack-targeted state v˜ does not belong to A(M, ρ). In light have A(M, ρ ) ⊆ A(M, ρ ) for ρ ≤ ρ . In what follows, 1 2 1 2 of Theorem 2, if a state v is attackable, then any state in we will characterize the attackable region. at its small neighborhood is also attackable. Since we do not Theorem 2. If A(M, ρ) is non-empty for some ρ > 0, the know the outcome of (SDP-FDIA) a priori, it is helpful to intersection of the attackable region and the observable set, design a particular rank penalty matrix M0; indeed, as shown i.e., A(M, ρ) ∩ V(M), is an open set. in Theorem 3, this can guarantee that a desired observable state is attackable. Further, Theorem 4 indicates that any Proof. See Appendix B. observable state is attackable over a set of branch power flow For some special cases, we can have a more explicit measurements. In fact, we will give an explicit formula for characterization of the attackable region, as explained later. M0 in this case (see the proof of Theorem 4 in Appendix D) such that the solution to (SDP-FDIA) is unique and in the Theorem 3. Consider the “target state attack” with ∗ ˆ ¯ ∗ ∗ form of (vˆ, W = vˆvˆ , b). h(v˜, W) = trace (W) − v˜ vtg − vtgv˜, where vtg ∈ V(M) is chosen to be observable. Then, vtg ∈ A(M, ρ) for some ρ > 0, i.e., vtg is attackable. C. Performance bounds for (SDP-FDIA) Proof. See Appendix B. The main objective of this section is to compare the solution of (SDP-FDIA) to an “oracle attack” to be defined later, and Note that the proof of Theorem 3 allows computing ρ provide guarantees for stealthy solutions (Lemma 2). First, we n explicitly. Define a set of voltages R(Y) ⊂ C b such that focus on the properties of the sabotage scale g(b) defined in v ∈ R(Y) if and only if, for each line l ∈ L that connect (FDIA-SE). nodes s and t, we have: Lemma 3. g(b) is convex and sub-differentiable. −π ≤ ∠vs − ∠vt − ∠yst ≤ 0 (8) Proof. See Appendix C. 0 ≤ ∠vs − ∠vt + ∠yst ≤ π (9) To proceed with the paper, we consider an “oracle attack” where y is the branch admittance between buses s and t. st that is able to solve (NC-FDIA-p). Since real-world transmission systems feature low resistance- ? nm to-reactance ratios, the angle of each line admittance yst is Definition 5 (Oracle attack). The oracle attack b ∈ R is close to −π/2 [4], and thus a realistic vector v would belong a global minimum of the nonconvex program (NC-FDIA-p). to R(Y) under normal conditions where the voltage phase Define B ⊆ Rnm as the set of all vectors in Rnm with the difference along each line is relatively small. The following same support as b?. result gives an explicit form for a region that is attackable, in Let ∆ = arg min k∆ − ∆ k2 be the projection of the case where the set of measurement types includes only the B ∆t∈B t 2 a vector ∆ onto the set B. The deviation of the solution of branch power flows and nodal voltage magnitudes, but not the (SDP-FDIA) from the oracle, namely ∆ˆ = bˆ − b?, belongs nodal bus injections. Henceforth, we will refer to this case as to a cone. the “special case” (compared to the “general case” where nodal ? bus injections can also be included in the measurements). Lemma 4. For every α ≥ 2k∂g(b )k∞, the error ∆ˆ = bˆ − b? belongs to the cone C(B, Bc; b?) = nb Theorem 4. Let V(M) ⊂ C denote the set of observable n {∆ ∈ m |k∆ c k ≤ 3k∆ k }. states for a given set of measurement types M including the R B 1 B 1 branch power flows and nodal voltage magnitudes, but not Proof. See Appendix D.

1   For a general set of measurements that might include an For an optimal solution of (SDP-FDIA), the term trace M0Wˆ can be bounded within limited ranges; as a result, g(b) acts as a “proxy” for arbitrary set of voltage magnitudes, nodal injections, and h¯(vˆ, Wˆ ). branch power flows as discussed in Sec. II-A, the following 8 theorem provides performance bounds and a condition for stealthy attack using (SDP-FDIA). Theorem 5. Consider (SDP-FDIA) for a “target state at- ¯ ∗ ∗ tack” with h(v˜, W) = trace (W) − v˜ vtg − vtgv˜, where ˆ vtg ∈ V(M) is chosen to be observable. Let (vˆ, Wˆ , b) denote an optimal solution of (SDP-FDIA) for an arbitrary α greater ? than or equal to 2k∂g(b )k∞. The difference between the sabotage scale of the solved attack and the oracle attack satisfies the inequalities:

ˆ ?   −2αk∆ˆ Bk1 ≤g(b)−g(b )≤α k∆ˆ Bk1 −k∆ˆ Bc k1 , where ∆ˆ = bˆ − b? is the difference with the oracle b?. Proof. See Appendix D. According to Theorem 5, there is a trade-off between attack sparsity and outcome in the sense that a tighter bound can be achieved with more entries outside the oracle sparse set B. However, this also means that the attacker needs to tamper with more sensors. Moreover, the matrix M0 in (SDP-FDIA) can be constructed systematically using the Gram-Schmidt process (as detailed in the proof of Theorem 3 in Appendix B). Fig. 3: The IEEE 30-bus test case [27]. IV. EXPERIMENTS TABLE I: Simulation experiments, lists of the regularization This section numerically studies the vulnerability of power parameters α and , the rank of Zˆ , and the cardinality of bˆ, system AC-based SE under FDIA. More specifically, the as well as the upper bound given by [25]. objective is to validate whether the solution of (SDP-FDIA) is sparse and stealthy. upper buses pass system α  rank(Zˆ ) Card(bˆ) We first study the 30-bus system provided in MATPOWER bound attacked* BDD [27] (Fig. 3). The states of this system are randomly initialized 6-bus† .4 1/6 1 18 40 [2,3,5,6] Yes with magnitudes close to 1 and small phases. We consider a 14-bus .2 1/14 1 16 46 [2,3,4] Yes comprehensive measurement portfolio, which includes nodal 30-bus 1.16 1/30 1 21 54 [12,14,15] Yes voltage magnitudes, power injections, and branch real/reactive 39-bus 1.82 1/39 1 18 36 [26,28,29] Yes power flows. To streamline the presentation, we will focus 57-bus 0.5 1/57 1 30 92 [6,7,8] Yes 2 on the target state attack, i.e., h(v˜) = kv˜ − vtgk2, where * The attacked bus numbers are identical to the MATPOWER description. the entries of the target vtg have been deliberately chosen † The 6-bus system is described in Fig. 2. to have low magnitudes (around 0.9), and phases identical to their counterparts in the true state. This would often trigger misguided contingency response, in an attempt to recover from power lines, as confined within the superset used to calculate the voltage sag [11]. Throughout the experiments, we assume the upper bound [25]. In addition, the spurious measurements that the sensor noise has a standard deviation of 1% of the against the original values are depicted in Fig. 5. Given the measurement value. presence of innate sensor noise, it is difficult to identify the An FDIA injection is obtained in Fig. 4 by solving attack on the raw measurement values by observation. In other (SDP-FDIA) with parameters listed in Table I. There are words, the attack is “hidden” among the sensor noises. 222 measurements in total, which are organized in Fig. 4a Assume that the FDIA visualized in Fig. 4 is successfully by voltage magnitudes (indices 1–5), nodal real and reactive implemented by the adversary on the set of measurements, power injections (indices 5–58), branch real power flows and then the system operator solves the SE problem using (indices 58–140), and branch reactive power flows (indices the Gauss-Newton algorithm implemented in MATPOWER 140–222). The FDIA injections for nodal measurements and (note that the attack is SE-algorithm-agnostic). The obtained branch measurements are also shown in Fig. 4. It can be spurious states are plotted against the true states for the voltage observed that the injection values are relatively sparse, es- magnitudes and phases in Fig. 6. Even though the system pecially for real power flows over branches (indices 1–82 in operates in a normal state with magnitudes in the prescribed Fig. 4c). This is due to the fact that they depend mainly on the interval [0.98, 1.02], FDIA “tricks” the operator to believe in phase differences between buses, but the target voltages have a potential voltage sag where some of the voltage magnitudes identical phases as the true state. The geographic locations are outside of the above interval (green area in Fig. 6). of the attacked sensors include the locations of buses under Consequently, the operator may take harmful contingency attack (buses 12, 14 and 15) and the locations of the adjacent actions. It is worthwhile to note that since the phases of the 9

(a) Full set of original measurements.

(b) FDIA on nodal power and voltage measurements. (c) FDIA on branch power flow measurements. Fig. 4: There are 222 measurements in total, which are organized in Figure (a) by voltage magnitudes (indices 1–5), nodal real and reactive power injections (indices 5–58), branch real power flows (indices 58–140), and branch reactive power flows (indices 140–222). The FDIA injections for nodal measurements are shown in Figure (b), where indices 1–5 and 5–58 correspond to voltage magnitudes and bus injections, respectively. The FDIA injections for branch measurements are provided in Figure (c), where indices 1–82 and 82–164 correspond to real power flows and reactive power flows, respctively.

FDIA on measurement value for a matrix L0 that satisfies the following properties: 1) 10 L0  0, 2) 0 is a simple eigenvalue of L0, 3) the vector vtg belongs to the null space of L0 (outlined in the proof 5 of Theorem 3). The matrix L0 is obtained via the standard Gram-Schmidt procedure by starting with the target vtg. For 0 the choice of , the proof of Theorem 3 (Appendix B) provides 1 a guideline to use the equation  = ∗ ; while vˆ cannot be -5 vtg vˆ ∗ known a priori, it is desirable to be close to vtg. Therefore, for Modified value (p.u.) -10 the 30-bus system, a value of  that leads to a rank-1 solution is -10 -5 0 5 10 close to 1/30≈0.033. In addition, the algorithm has been tested Original value (p.u.) on several other power systems, with parameters listed in Table I. According to the results, the constructed FDIA attack Fig. 5: This plot shows the spurious values against the original can always evade BDD detection with  close to 1/nb. Indeed, values for all the measurements. The identity relation y = x the measurement residuals are all on the order of 0.001, which is illustrated by the dotted line. It can be observed that, given are much lower than the BDD detection threshold. As for the the presence of innate sensor noise, the spurious values are sparsity, we have found that the cardinality Card(bˆ) is lower almost identical to the original measurements. than the upper bound by [25] at the obtained scale of attack. As the analysis shows, by having access to the sensor measurements, the adversary can solve (SDP-FDIA) to obtain designed target states vtg are identical to those of the true a sparse attack vector. To thwart FDIA, a set of security sensors states by design, the spurious states estimated by the operator may need to be placed at locations under potential attack as change insignificantly in phases, as shown in the right plot of indicated by bˆ of (SDP-FDIA). For any power system, the Fig. 6. cardinality of a potential FDIA stealth attack can be used to To examine the effect of the regularization parameter α on indicate the vulnerability of the system against potential cyber the solution sparsity, we have run ten independent experiments threat [14]. with random sensor noise values and plotted the cardinality of bˆ with respect to α, as shown in Fig. 7. While the absence V. CONCLUSION of k · k1 penalty (i.e., α = 0) results in a dense solution, a as α increases, the attack xˆ becomes significantly sparser This study analyzes the vulnerability of power system AC- compared to the upper bound provided by [25]. However, as based state estimation against a critical class of cyber attacks α continuously increase, since the attack becomes sparser, its known as false data injection attack. Since constructing an effect on SE reduces. This fact is reflected in the performance FDIA against AC-based state estimation requires solving a bounds in Theorem 5. highly nonconvex problem, it is often believed that such ∗ As for the choice of M0, we set M0 = −I + vtgvtg + L0, attacks could be easily detected. However, this study shows 10

FDIA on voltage magnitude FDIA on voltage phase 1.04 20 10

1 0 -10 Falsified |V| 0.96 Falsified phase -20 0.96 1 1.04 -20 -10 0 10 20 Actual |V| Actual phase

Fig. 6: These plots depict spurious state estimation against true state for voltage magnitude (left) and voltage phases (right). In both plots, the dotted line indicates the y = x relationship. For the magnitude plot, the green region specifies the normal operating interval [098, 1.02]. Observe that some spurious voltage magnitudes fall out of this prescribed operating region, while all of the spurious states have almost the same phases as their counterparts in the true states, due to the specifications by the FDIA target voltage vector.

Attack sparsity vs. regularization REFERENCES 60 [1] M. L. Tuballa and M. L. Abundo, “A review of the development of smart grid technologies,” Renewable and Sustainable Energy Reviews, 40 vol. 59, pp. 710–725, 2016. [2] S. Fattahi, M. Ashraphijuo, J. Lavaei, and A. Atamturk,¨ “Conic relax- ations of the unit commitment problem,” Energy, 2017. Card(b) 20 Upper bound [3] M. Jin, W. Feng, C. Marnay, and C. Spanos, “Microgrid to enable SDP-FDIA optimal distributed energy retail and end-user demand response,” Applied Energy, 2017. 0 0 0.5 1 1.5 [4] A. Abur and A. G. Exposito, Power system state estimation: theory and implementation. CRC press, 2004. regularization [5] A. Teixeira, K. C. Sou, H. Sandberg, and K. H. Johansson, “Secure control systems: A quantitative risk management approach,” IEEE Fig. 7: This plot shows the cardinality of the solution bˆ with Control Systems, vol. 35, no. 1, pp. 24–45, 2015. respect to α. The upper bound is derived according to [25]. [6] Y. Zhang, R. Madani, and J. Lavaei, “Conic relaxations for power system state estimation with line measurements,” IEEE Transactions on Control Ten independent experiments were performed to obtain the of Network Systems, vol. PP, no. 99, pp. 1–1, 2017. mean (red line) and min/max (shaded region). [7] National Academies of Sciences, Engineering, and Medicine, Enhancing the Resilience of the Nation’s Electricity System. Washington, DC: The National Academies Press, 2017. [8] J. McCalley, “Lecture notes EE 553: Steady-state analysis - Power sys- tem operation and control,” http://home.engineering.iastate.edu/∼jdm/ ee553/SE1.pdf, accessed: 2017-9-21. that a near-globally optimal stealth attack can be found effi- [9] W. Wang and Z. Lu, “Cyber security in the smart grid: Survey and challenges,” Computer Networks, vol. 57, no. 5, pp. 1344–1371, 2013. ciently for a general scenario through a novel convexification [10] D. Wei, Y. Lu, M. Jafari, P. M. Skare, and K. Rohde, “Protecting smart framework based on SDP, where the measurement set could grid automation systems against cyberattacks,” IEEE Transactions on include nodal voltage magnitudes, real and reactive power Smart Grid, vol. 2, no. 4, pp. 782–795, 2011. [11] S. Burke and E. Schneider, “Enemy number one for the electric grid: injections at buses, and power flows over branches. This mother nature,” SAIS Review of International Affairs, vol. 35, no. 1, pp. study further analyzes the “attackable region” and derives 73–86, 2015. performance bounds for a given set of measurement types [12] G. Liang, J. Zhao, F. Luo, S. Weller, and Z. Y. Dong, “A review and grid topology, where an attacker can plan an attack in of false data injection attacks against modern power systems,” IEEE Transactions on Smart Grid, vol. 8, no. 4, pp. 1630–1638, 2016. polynomial time with limited resources. [13] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” ACM Transactions on Informa- For protection purposes, the results can be used to un- tion and System Security, vol. 14, no. 1, p. 13, 2011. derstand the mechanism of FDIA on AC-based SE in order [14] H. Sandberg, A. Teixeira, and K. H. Johansson, “On security indices for state estimators in power networks,” in First Workshop on Secure to design new BDD procedures. In addition, the outcome of Control Systems, Stockholm, 2010, 2010. anticipating such an attack can be used to evaluate the security [15] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Malicious data attacks on of a given system. Above all, the proposed convexification smart grid state estimation: Attack strategies and countermeasures,” in IEEE International Conference on Smart Grid Communications, 2010, method and its associated theoretical analysis can be applied pp. 220–225. to other nonconvex problems in power systems and beyond [16] L. Xie, Y. Mo, and B. Sinopoli, “False data injection attacks in where the solution requires sparsity and rank conditions. This electricity markets,” in IEEE International Conference on Smart Grid paper provides a detailed analysis on the design of a rank Communications, 2010, pp. 226–231. [17] G. Dan and H. Sandberg, “Stealth attacks and protection schemes for penalty function as well as bounds on the sparsity of the state estimators in power systems,” in IEEE International Conference optimal solution. on Smart Grid Communications. IEEE, 2010, pp. 214–219. 11

[18] Y. Yuan, Z. Li, and K. Ren, “Modeling load redistribution attacks in aˆ < −1 is similar). It is obvious that (ˆavˆ, Wˆ =a ˆ2vˆvˆ∗, bˆ) is power systems,” IEEE Transactions on Smart Grid, vol. 2, no. 2, pp. also feasible. This gives rise to the relation: 382–390, 2011. [19] F. Pasqualetti, R. Carli, and F. Bullo, “A distributed method for state h¯(vˆ, aˆ2vˆvˆ∗) = aˆ2vˆvˆ∗
− (v˜∗v + v∗ v˜) estimation and false data detection in power networks,” in IEEE Interna- trace tg tg tional Conference on Smart Grid Communications, 2011, pp. 469–474. 2 ∗
∗ ∗ > trace aˆ vˆvˆ − aˆ(v˜ vtg + vtgv˜) [20] J. Wang, L. C. Hui, S. Yiu, E. K. Wang, and J. Fang, “A survey on cyber 2 ∗ attacks against nonlinear state estimation in power systems of ubiquitous = h¯(ˆavˆ, aˆ vˆvˆ ), cities,” Pervasive and Mobile Computing, 2017. [21] J. Liang, O. Kosut, and L. Sankar, “Cyber attacks on ac state estimation: where the inequality follows from Assumption 2a. This con- Unobservability and physical consequences,” in IEEE PES General tradicts the optimality of (vˆ, Wˆ =a ˆ2vˆvˆ∗, bˆ). Therefore, we Meeting— Conference & Exposition , 2014, pp. 1–5. ˆ ∗ [22] K. C. Sou, H. Sandberg, and K. H. Johansson, “On the exact solution must have aˆ = 1, implying that W = vˆvˆ . to a smart grid cyber-security analysis problem,” IEEE Transactions on Recall that (NC-FDIA-c) provides a lower bound for Smart Grid, vol. 4, no. 2, pp. 856–865, 2013. (NC-FDIA-r), which is a reformulation of (NC-FDIA). There- [23] J. M. Hendrickx, K. H. Johansson, R. M. Jungers, H. Sandberg, and ˆ ∗ ˆ K. C. Sou, “Efficient computations of a security index for false data fore, since (vˆ, W = vˆvˆ , b) is feasible for (NC-FDIA-r), it attacks in power networks,” IEEE Transactions on Automatic Control, is optimal for (NC-FDIA). vol. 59, no. 12, pp. 3194–3208, 2014. [24] M. A. Rahman and H. Mohsenian-Rad, “False data injection attacks against nonlinear state estimation in smart power grids,” in IEEE Power B. Proof of Lemma 2 and Energy Society General Meeting, 2013, pp. 1–5. [25] G. Hug and J. A. Giampapa, “Vulnerability assessment of AC state Let (vˆ, Wˆ , bˆ) denote an optimal solution of (SDP-FDIA). estimation with respect to false data injection cyber-attacks,” IEEE If rank(Wˆ ) = 1, then using a similar reasoning as in the Transactions on Smart Grid , vol. 3, no. 3, pp. 1362–1370, 2012. ˆ 2 ∗ [26] S. Sridhar, A. Hahn, and M. Govindarasu, “Cyber–physical system proof for Theorem 1, we have W = a vˆvˆ for every |a| ≥ 1 security for the electric power grid,” Proceedings of the IEEE, vol. 100, due to the PSD constraint. Now, we show by contradiction no. 1, pp. 210–224, 2012. that the relation Wˆ = vˆvˆ∗ holds at optimality. Let (vˆ, Wˆ = [27] R. D. Zimmerman, C. E. Murillo-Sanchez,´ and R. J. Thomas, “MAT- 2 ∗ ˆ POWER: Steady-state operations, planning, and analysis tools for power aˆ vˆvˆ , b) be an optimal solution of (SDP-FDIA), and aˆ > 1 systems research and education,” IEEE Transactions on Power Systems, (the case aˆ < −1 is similar). It is obvious that (ˆavˆ, Wˆ = vol. 26, no. 1, pp. 12–19, 2011. aˆ2vˆvˆ∗, bˆ) is also feasible. For a fixed bˆ, this gives rise to the [28] R. Madani, J. Lavaei, and R. Baldick, “Convexification of power flow equations for power systems in presence of noisy measurements,” relation: 2016. [Online]. Available: http://www.ieor.berkeley.edu/∼lavaei/SE J ¯ 2 ∗ 2 ∗ 2016.pdf h(vˆ, aˆ vˆvˆ ) +a ˆ trace(M0vˆvˆ ) [29] D. L. Donoho, “Compressed sensing,” IEEE Transactions on information = aˆ2vˆvˆ∗
− (v˜∗v + v∗ v˜) +a ˆ2 (M vˆvˆ∗) theory, vol. 52, no. 4, pp. 1289–1306, 2006. trace tg tg trace 0 [30] R. Tibshirani, “Regression shrinkage and selection via the lasso,” 2 ∗
∗ ∗ 2 ∗ > trace aˆ vˆvˆ − aˆ(v˜ vtg + vtgv˜) +a ˆ trace(M0vˆvˆ ) Journal of the Royal Statistical Society. Series B (Methodological), pp. ¯ 2 ∗ 2 ∗ 267–288, 1996. = h(ˆavˆ, aˆ vˆvˆ ) +a ˆ trace(M0vˆvˆ ) [31] H. Wolkowicz, R. Saigal, and L. Vandenberghe, Handbook of semidef- inite programming: theory, algorithms, and applications. Springer where the inequality follows from Assumption 2b. This con- Science & Business Media, 2012, vol. 27. tradicts the optimality of (vˆ, Wˆ =a ˆ2vˆvˆ∗, bˆ). Therefore, we [32] R. Madani, J. Lavaei, and R. Baldick, “Convexification of power flow ˆ ∗ problem over arbitrary networks,” in IEEE Conference on Decision and must have aˆ = 1, implying that W = vˆvˆ . Moreover, since Control, 2015, pp. 1–8. ∗   [33] R. T. Rockafellar, Convex analysis. Princeton University Press, 2015. fi(vˆ) = trace (Mivˆvˆ ) = trace MiWˆ [34] S. N. Negahban, P. Ravikumar, M. J. Wainwright, and B. Yu, “A ˆ ˆ unified framework for high-dimensional analysis of m-estimators with = mi + bi = fi(v) + bi, ∀i ∈ [nm], decomposable regularizers,” Statistical Science, vol. 27, no. 4, pp. 538– 557, 2012. the stealth condition is satisfied, implying that bˆ is stealthy.

APPENDIX A APPENDIX B PROOFOF THEOREM 1 AND LEMMA 2 PROOFOF THEOREMS 2 AND 3 ¯ ∗ ∗ A. Proof of Theorem 1 In the case of h(v˜, W) = trace (W) − v˜ vtg − vtgv˜, the dual of (FDIA-SE) can be written as First, we prove that the equation rank(Wˆ ) = 1 implies that 1 vˆ∗  min ξ · (m + b) ˆ 2 ∗ ξ∈ nm ,q ∈ W = a vˆvˆ , for some a such that |a| ≥ 1. Since ˆ  R 0 R vˆ W  ∗  q0 −vtg 0, by Schur complement, we have Wˆ  0, and Wˆ −vˆvˆ∗  0. s. t. P  0, −vtg I + M0 + ξiMi Due to rank(Wˆ ) = 1, we can express Wˆ = ww∗. Since i ww∗ − vˆvˆ∗  0, one can write w = avˆ, where |a| ≥ 1 where ξ is the vector of dual variables. The complementary (otherwise, there exists a vector ν ∈ Cnb such that ν∗w = 0, slackness condition is given by: but ν∗vˆ 6= 0 and ν∗ (ww∗ − vˆvˆ∗) ν = −|ν∗vˆ|2 < 0, which  q −v∗  1 v˜∗  violates the PSD condition). 0 tg −v I + M + P ξ M v˜ W Now, we show by contradiction that the equation Wˆ = vˆvˆ∗ tg 0 i i i  ∗ ∗ ∗  holds at optimality. Assume that (vˆ, Wˆ =a ˆ2vˆvˆ∗, bˆ) is an q0 − v˜tgv˜ q0v˜ − v˜tgW = ∗ = 0. (10) optimal solution of (NC-FDIA-c) and that aˆ > 1 (the case −v˜tg + Q0v˜ −v˜tgv˜ + Q0W 12

ˆ Let (vˆ, Wˆ ) be an optimal solution of (FDIA-SE) and (ˆq0, ξ) A. Proof of Theorem 2 be a dual optimal solution. It follows from the above equation Define κ(H(ξ)) as the sum of the two smallest eigenvalues ∗ qˆ = v˜ v˜ˆ nb that 0 tg . By defining of the Hermitian matrix H(ξ) ∈ S . It can be shown that the X intersection of the attackable region and observable set, i.e., Q = I + M + ξ M , (11) 0 0 i i A(M, ρ) ∩ V(M), can be represented as i 1 ∗ {v ∈ V(M)|κ(H(ξ)) > 0, ξ ∈ Ω(L0, v)}. L0 = − vtgvtg + I + M0, (12) qˆ0 X The proof is similar to the argument made in Theorem 3 of H(ξ) = L0 + ξiMi, (13) [28]. Now, consider a vector v in {v ∈ V(M)|κ(H(ξ)) > i 0, ξ ∈ Ω(L0, v)}, and let δ denote the second smallest and using the Schur’s complement, the dual problem can be eigenvalue of H(M, ξ). Due to the continuity of the mapping reformulated as from a state v to a set Ω(L0, v), there exists a neighborhood nb min ξ · (m + b) T ∈ such that there exists a ξt ∈ Ω(L0, vt) with the n C ξ∈R m following property: X (FDIA-SE-d) √ s. t. H(ξ) = L0 + ξiMi  0. kH(ξ) − H(ξ )kF < δ (16) i t The following lemma proves strong duality between for every vt ∈ V(M) ∩ T (note that k.kF represents the (FDIA-SE) and its dual formulation. Frobenius norm). Using an eigenvalue perturbation argument (Lemma 5 in [32]), it can be concluded that H(ξ )  0 and Lemma 5. Suppose that there exists a vector v ∈ V(M) that t rank(H(ξ )) = nb − 1, which imply that κ(H(ξ )) > 0 and is feasible for (FDIA-SE). Then, strong duality holds between t t vt ∈ {v ∈ V(M)|κ(H(ξ)) > 0, ξ ∈ Ω(L0, v)}. Hence, (FDIA-SE) and its dual formulation (FDIA-SE-d). A(M, ρ) ∩ V(M) is an open set. Proof. To prove the lemma, it suffices to find a strictly feasible point for the dual problem. Since there exists a vector v ∈ B. Proof of Theorem 3 > ∗ V(M) that is feasible for (FDIA-SE), we have v J(v) 6= 0 Let M0 be chosen as M0 = −I + vtgvtg + L0, for some due to the full row-rank property of J(v). Therefore, there  > 0 and a matrix L0 satisfying the following properties: 1) ∗ exists an index i ∈ [nm] such that v Miv 6= 0. Let L0  0, 2) 0 is a simple eigenvalue of L0, 3) the vector vtg nm {d1, ..., dnm } denote the standard basis vectors in R . Then, belongs to the null space of L0. Let ρ = kM0k2 defined above. ˆ we can select ξ = ξ + δ × di for any feasible dual vector ξ, Note that ξ = 0 is a feasible dual point since H(0) = L0  0. where δ ∈ R is a nonzero number with an arbitrarily small Moreover, because of the equation H(0)vtg = L0vtg = 0, ∗ absolute value such that δ × v Miv > 0. Therefore, one can we have 0 ∈ Ω(L0, vtg). Since 0 is a simple eigenvalue of write: L0, it holds that κ(H(0)) = κ(L0) > 0. Therefore, it can ˆ X ˆ be concluded that vtg ∈ {v ∈ V(M)|κ(H(ξ)) > 0, ξ ∈ H(ξ) = L0 + ξiMi = H(ξ) + cMi 0 (14) Ω(L0, v)}. By the proof of Theorem 2, it follows that vtg is i attackable. if c is sufficiently small. Hence, ξˆ is a strictly feasible dual point and, by Slater’s condition, strong duality holds. APPENDIX C PROOFOF LEMMA 3 Definition 6. Define Ω(L0, v) as a set of dual variables such that For any two attacks b1 and b2, let the optimal states be denoted as (vˆ(1), Wˆ (1)) and (vˆ(2), Wˆ (2)). For every number J(v)ξ = −2L0v, (15) λ ∈ [0, 1], the point (λvˆ + (1 − λ)vˆ(2), λWˆ + (1 − λ)Wˆ (2)) for every ξ ∈ Ω(L , v), where J(v) ∈ (2nb−1)×nm is the 0 R is a feasible solution for the attack λb1 + (1 − λ)b2: Jacobian matrix in (5). g(λb + (1 − λ)b ) ≤ λg(b ) + (1 − λ)g(b ), P 1 2 1 2 Since H(ξ) = L0 + ξiMi, we have i which proves the convexity. In what follows, in addition to X 1 H(ξ)v = L0v + ξiMiv = L0v + 2 J(v)ξ = 0, proving the continuity of g(b), we will derive a bound on i the subgradient of g(b), which is used in Theorem 5. The for all ξ ∈ Ω(L0, v), which indicates that v lies in the null method is an extension of [31] to the primal formulation. In n space of H(ξ) ∈ S b for every ξ ∈ Ω(L0, v). particular, our analysis is a type of parametric programming, which characterizes the change of the solution with respect Lemma 6. For every v ∈ V(M) and n ≥ 2n − 1, there m b to small perturbations of the parameters (see [31], Ch. 4). is a vector ξ ∈ nm such that (15) is satisfied. Therefore, R Consider a disturbance γ to the vector b ∈ nm in (FDIA-SE) Ω(L , v) is nonempty for every observable state vector v. R 0 along the direction b. The primal problem changes as Proof. Since v ∈ V(M) is observable, J(v) has full row ¯ min h(v˜, W) + trace (M0W) v˜,W rank. This implies that, for every L0, as long as the number of columns of J(v), namely n , is greater than or equal to the s. t. trace (M W) = m + b + γb m i i i i (Pγ ) number of rows, namely 2nb −1, there is a vector ξ satisfying 1 v˜∗   0 (15). v˜ W 13

φ(γ + dγ) − φ(γ) and its dual formulation is given by: lim = ξ−(γ) · b dγ→−0 dγ min ξ · (m + b + γb) ξ,q0 holds for every γ ∈ int Γ.  q −v∗  (Dγ ) s. t. 0 tg  0 Proof. Since b(γ) · ξ(γ) = b(γ) · ξ+(γ) = b(γ) · ξ−(γ), one −v I + M + P ξ M tg 0 i i i can write: Let Γ be the set of all vectors γ for which (Dγ ) has a bounded φ(γ + dγ) − φ(γ) solution and is strictly feasible. Assume that 0 ∈ Γ. It is lim dγ→+0 dγ straightforward to verify that Γ is a closed (and possibly ξ(γ + dγ) · b(γ + dγ) − ξ(γ) · b(γ) unbounded) interval. Due to duality, (Pγ ) is feasible and has a = lim dγ→+0 dγ bounded solution for every γ ∈ Γ, and the duality gap is zero. b(γ) · (ξ(γ + dγ) − ξ(γ)) Let Fγ denote the feasible set of (Dγ ), b(γ) = m + b + = lim ξ(γ + dγ) · b + dγ→+0 dγ γb, and ξ(γ) ∈ {ξ : ξ = arg min{ξ · b(γ), ξ ∈ Fγ }. γ γ γ γ + Moreover, let φ(γ; b, b) = ξ(γ) · b(γ) be the optimal value = ξ (γ) · b function. Obviously, we have φ(0; b, b) = g(b) by the Slater’s according to Lemma 7. The proof for the case dγ → −0 is condition, and φ(γ; b, b) is concave in γ. We will use the similar. shorthand notation φ(γ) henceforth. Next, we derive the subdifferential of φ(γ), which is equiv- Notice that φ(γ) is continuously differentiable at γ if and + − alent to ∂g(b) when γ = 0 and b is one of the canonical only if b · ξ (γ) = b · ξ (γ), which occurs either when (Dγ ) basis in Rnm . For any γ ∈ int Γ, choose dγ small enough has a unique solution or any feasible direction of the optimal such that the point ξ(γ + dγ) lies in a compact set. Let ξ+(γ) face is orthogonal to b. To wrap up this section, we state the and ξ−(γ) denote the limit as dγ → +0 and −0, respectively. following lemma to bound the subdifferential ∂g(b). + − Lemma 7. The equations Lemma 9. Let [ξ (0)]i and [ξ (0)]i denote the i-th entry of ξ(dγ) as dγ → +0 and −0 along the direction of the i- b(γ) · (ξ(γ + dγ) − ξ+(γ)) lim = 0 th canonical basis in Rnm . For every attack b, assume that dγ→+0 dγ 0 ∈ Γ. The subdifferential of g(b) is bounded element-wise as − b(γ) · (ξ(γ + dγ) − ξ (γ)) + − lim = 0 [ξ (0)]i ≤ [∂g(b)]i ≤ [ξ (0)]i, ∀i ∈ [nm] dγ→−0 dγ hold for every γ ∈ int Γ. Proof. The proof follows from the strong duality between (Pγ ) and (Dγ ) at γ = 0, the concavity of φ(γ), and Theorem 24.1 + Proof. It is straightforward to verfiy that ξ (γ) is an optimal in [33] on the monotonicity of subdifferential. solution of (Dγ ). Assume that To summarize, we have shown that g(b) is continuous b(γ) · (ξ(γ + dγ) − ξ+(γ)) lim ≥  > 0. and convex (Lemma 3) with subdifferential depending on the dγ→+0 dγ dual solution (Lemma 9). These results are useful for proving Theorem 5. There exists a sequence {dγk} → +0 such that

b(γ + dγk) · ξ(γ + dγk) APPENDIX D + + ≥ b(γ+dγk)·ξ (γ)+dγk+dγkb·(ξ(γ+dγk)−ξ (γ))o(dγk) PROOFSOF THEOREMS 4 AND 5 + > b(γ + dγk) · ξ (γ) A. Proof of Theorem 4 For every vˆ ∈ V(M) ∩ R(Y), we show that by choosing if dγk is sufficiently small. This contradicts the optimality of b = f(vˆ)−m where f (vˆ) is given in (1), the unique optimal ξ(γ + dγk) for (Dγ+dγ ). Similarly, assume that i k solution of (FDIA-SE) is given by (vˆ, Wˆ = vˆvˆ∗), hence vˆ ∈ b(γ) · (ξ(γ + dγ) − ξ+(γ)) lim ≤  < 0 A(M, ρ) is attackable for some ρ defined below. Let M0 in dγ→+0 dγ (SDP-FDIA) be given by the formula:

Then, there exists {dγk} → +0 such that ∗ X ˜ (l) X ˜ (l) M0 = −I + vtgvtg + Mpf + Mpt , (17) + l∈L l∈L b(γ) · ξ(γ + dγk) ≤ b(γ) · ξ (γ) + dγk + o(dγk) + ˜ (l) ˜ (l) < b(γ) · ξ (γ), where  > 0 is a constant parameter, and Mpf and Mpt are nb + arbitrary matrices in H . For every (s, t) ∈ [nb]×[nb], assume which contradicts that ξ (γ) is optimal for (D ). A similar (l) (l) γ that the (s, t) entries of M˜ and M˜ are equal to zero if argument can be made in the case where dγ → −0. pf pt (s, t) 6∈ L and otherwise satisfy the following inequalities: We now derive the directional derivative of φ(γ). ˜ (l) −π ≤ ∠yst − ∠Mpf,st ≤ 0 (18) Lemma 8. The equations ˜ (l) π ≤ ∠yst + ∠Mpt,st ≤ 2π. (19) φ(γ + dγ) − φ(γ) + lim = ξ (γ) · b ρ = M dγ→+0 dγ Choose 0 defined in (17) accordingly. 14

 ∗  q0 q Let ξ ∈ Rnm and Q = ∈ Hnb+1 be the dual to lie in the second or third quadrants of the complex plane, q Q0 which is satisfied by the design in (18) and (19). variables. By the KKT conditions for optimality, we have: a) Our next goal is to show that rank(H(ξˆ)) = n − 1, or the stationarity conditions: q = −v and Q = I + M + b tg 0 0 equivalently, dim(null(H(ξˆ))) = 1. For every x ∈ null(H(ξˆ)), P ξ M , b) the dual feasibility condition: Q  0, and c) i i i since H(l)  0 and H(l)  0, we have H(l)x = H(l)x = 0. 1 v∗  pf pt pf pt the complementary slackness condition: Q = 0. Let By the construction of (20) and (21), for every line l with the v W xs xt 1 ∗ ∗ endpoints s and t, it holds that vˆ = vˆ . This reasoning can H(ξ) = − vtgvtg + Q0 and q0 = vtgv. Based on a) and s t x x q0 be applied to another line l0 :(t, a) to obtain t = a . By c), we have H(ξ)W = 0. Due to b) and Schur complement, vˆt vˆa repeating the argument over a connected spanning graph of it is required that H(ξ)  0. the network, one can obtain: By Slater’s condition, strong duality holds if one can x x x construct a strictly feasible dual solution ξˆ, which is optimal s = t = a = ··· = c (26) if KKT conditions are satisfied. The rank-1 condition for W vˆs vˆt vˆa ˆ follows if we can further show that rank(H(ξ)) = nb − 1 which indicates that x = γvˆ. As a result, dim(null(H(ξˆ))) = ˆ ˆ (since together with H(ξ)W = 0, it implies that W lies in 1 and rank(H(ξ)) = nb − 1. By the complementary slack- the null space of H(ξˆ), which is at most rank 1). ness condition, it can be concluded that rank(Wˆ ) = 1. By For the three types of measurements considered in this Lemma 2, we have Wˆ = vˆvˆ∗. We also know that b is stealthy ∗ paper, the measurement matrices are: 1) Mi = Ei for every since trace (vˆ Mivˆ) = mi + bi, ∀i ∈ [nm] by choice. (l) i ∈ N (associated with voltage magnitudes), 2) Mi+nb = Ypf for every i ∈ L (associated with real power flow from B. Proof of Theorem 5 the bus), and 3) M = Y(l) for every i ∈ L i+nb+nl pt In what follows, we will derive performance bounds for xˆ (associated with real power flow to the bus). By denoting compared to b?. By the definition of g(b) in (FDIA-SE), we ˆ P ˆ(l) P ˆ(l) ξ = l∈L ξpf + l∈L ξpt , we can write can rewrite (SDP-FDIA) only in terms of b as (l) (l) ˆ X (l) ˆ X (l) ˆ max g(b) + αkbk1 (P4) H(ξ) = Hpf (ξpf ) + Hpt (ξpt ), b l∈L l∈L ? ? ? ? Define r(∆) = g(b + ∆) − g(b ) + α(kb + ∆k1 − kb k1) ˆ ? where and ∆ˆ = b − b . The separability of the l1-norm yields that (l) (l) ˆ ˜ (l) ˆ(l) ˆ(l) ˆ(l) (l) ? ? ? H (ξ ) = M + ξ E + ξ E + ξ Y ˆ ˆ c ˆ pf pf pf pf,s s pf,t t pf,l+nb pf kb + ∆k1 ≥ kbB + ∆B k1 − kbBc + ∆Bk1 (l) (l) (l) (l) (l) (l) (l) ? ˆ ˆ H (ξˆ ) = M˜ + ξˆ E + ξˆ E + ξˆ Y = kbBk1 + k∆Bc k1 − k∆Bk1 pt pt pt pt,s s pt,t t pt,l+nl+nb pt ? ˆ ˆ P (l) P (l) 1 ∗ = kb k1 + k∆Bc k1 − k∆Bk1. and M˜ + M˜ = I + M0 − vtgv . Define l∈L pf l∈L pt q0 tg (l) Together with r(∆ˆ ) ≤ 0 that results from the optimality of bˆ, ξˆ in such a way that pf we have proved the upper bound. For the lower bound, one  ∗ (l)∗  2  (l)∗  2= vˆsvˆ M˜ |vˆs| = M˜ yst can write: (l) t pf,st (l) pf,st ξˆ =− , ξˆ = ? ? ? pf,l+nb ∗ ∗ pf,t ∗ ∗ g(bˆ) − g(b ) ≥ h∂g(b ), ∆ˆ i ≥ −|h∂g(b ), ∆ˆ i| = (ˆvsvˆt yst) = (ˆvsvˆt yst) (27) |vˆ |2 ≥ −k∂g(b?)k k∆ˆ k (28) ξˆ(l) = t ξˆ(l) + <(y )ξˆ(l) (20) ∞ 1 pf,s 2 pf,t st pf,l+nb |vˆs| α   ≥ − k∆ˆ Bk1 + k∆ˆ Bc k1 (29) (l) 2 and ξˆ such that pt ≥ −2αk∆ˆ Bk1 (30)  ∗ (l)∗  2  (l)  2= vˆsvˆ M˜ |vs| = M˜ yst where (27) is due to the convexity of g(b) (Lemma 3), (28) (l) t pt,st (l) pt,st ξˆ =− , ξˆ =− is by Holder’s¨ inequality, (29) is due to the assumption of α, pt,l+nb+nl = (ˆv vˆ∗y ) pt,t = (ˆv vˆ∗y ) s t st s t st and (30) is due to Lemma 4 (see [34], Lemma 1). |vˆ |2 ξˆ(l) = t ξˆ(l) + <(y )ξˆ(l) (21) pt,s 2 pt,t st pt,l+nb+nl |vˆs| where vˆ is an optimal solution of the primal problem (FDIA-SE). It can be verified that H(l)vˆ = 0, H(l)vˆ = 0, Ming Jin is currently pursuing the Ph.D. degree pf pt in electrical engineering and computer science with (l) (l) Hpf  0 and Hpt  0, as long as: the University of California, Berkeley. His current research interests include data-efficient algorithms −π ≤ ∠vˆs − ∠vˆt − ∠yst ≤ 0 (22) for improving cyber-physical human system effi- ciency and resilience. He was the recipient of the 0 ≤ ∠vˆs − ∠vˆt + ∠yst ≤ π (23) Siebel scholarship, Best Paper Award at the In- ˜ (l) ternational Conference on Mobile and Ubiquitous −π ≤ ∠yst − ∠Mpf,st ≤ 0 (24) Systems: Computing, Networking and Services, Best ˜ (l) Paper Award at the International Conference on Mo- π ≤ ∠yst + ∠Mpt,st ≤ 2π. (25) bile Ubiquitous Computing, Systems, Services and Technologies, Electronic and Computer Engineering Department Scholarship, The inequalities (22) and (23) are satisfied since vˆ ∈ R(Y). School of Engineering Scholarship, and University Scholarship at the Hong ˜ (l) ˜ (l) Kong University of Science and Technology. The inequalities (24) and (25) require that Mpf,st and Mpt,st 15

Javad Lavaei is an Assistant Professor in the De- partment of Industrial Engineering and Operations Research at University of California, Berkeley. He obtained his Ph.D. degree in Control and Dynamical Systems from California Institute of Technology in 2011. He has won multiple awards, including NSF CAREER Award, Office of Naval Research Young Investigator Award, AFOSR Young Faculty Award, DARPA Young Faculty Award, Donald P. Eckman Award, INFORMS Optimization Society Prize for Young Researchers, INFORMS ENRE Energy Best Publication Award, and SIAM Control and Systems Theory Prize. He is an associate editor of the IEEE Transactions on Smart Grid and of the IEEE Control Systems Letters, and serves on the conference editorial boards of the IEEE Control Systems Society and European Control Association.

Karl Henrik Johansson is Director of the Stock- holm Strategic Research Area ICT The Next Gen- eration and Professor at the School of Electrical Engineering, KTH Royal Institute of Technology. He received MSc and PhD degrees in Electrical Engineering from Lund University. He has held visiting positions at UC Berkeley, Caltech, NTU, HKUST Institute of Advanced Studies, and NTNU. His research interests are in networked control systems, cyber-physical systems, and applications in transportation, energy, and automation. He is a member of the IEEE Control Systems Society Board of Governors and the European Control Association Council. He has received several best paper awards and other distinctions, including a ten-year Wallenberg Scholar Grant, a Senior Researcher Position with the Swedish Research Council, the Future Research Leader Award from the Swedish Foundation for Strategic Research, and the triennial Young Author Prize from IFAC. He is member of the Royal Swedish Academy of Engineering Sciences, Fellow of the IEEE, and IEEE Distinguished Lecturer.